From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.7 (X11; Linux i686; U;) Gecko/20030131

Description of problem:
If, like me, one does not understand very much about firewalls, the UI of redhat-config-securitylevel is a little confusing: if you select "Customize" instead of "Use default firewall rules" which takes precedence - "Trusted devices" or "Allow incoming"?

Take this scenario: I don't want any connections from outside at all, but I run VMware and want VMs to be able to access Apache on the host without allowing HTTP requests from outside my machine to be allowed. If eth0 is not selected as a trusted device but HTTP is selected for allow incoming, and an HTTP request comes from eth0 which wins out? Similarly if vmnet0 is selected as a trusted device but HTTP is not selected for allow incoming and an HTTP request comes from vmnet0 what happens?

Version-Release number of selected component (if applicable):
1.1.1-3

How reproducible:
Always

Steps to Reproduce:
1. Start redhat-config-securitylevel
2. Select Customize
3. Become confused

Actual Results:
Nagging worry that I have opened a giant security hole in my machine

Expected Results:
Warm fuzzy feeling and sense of well-being that my firewall is configured correctly

Additional info:

88388 is closed, but says a similar thing.

In general, the "Customize" part of any user interface assumes that the user knows enough to make manual changes to override the default settings. I think that the documentation for this tool adequately explains the choices that the "Customize" mode presents.

http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/custom-guide/ch-basic-firewall.html#S1-BASIC-FIREWALL-SECURITYLEVEL

I agree that the user interface layout could be improved. However, there's only so much that the interface can do to explain a concept as complicated as firewalls to a user who is not familiar with them.